soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
🎉 Proud moment for COSIC! Prof. Nigel Smart has received the #RSAC 2026 Award for Excellence in the Field of Mathematics for his groundbreaking work in #MPC, Threshold #Cryptography & foundational crypto research. Congratulations, Nigel! 👏
https://www.rsaconference.com/library/press-release/rsac-set-to-honor-mathematics-awards
Second #cryptography question: How widely accepted or controversial is the advice to use XSalsa20-Poly1305 in Latacora's "right answers" series? It's been a while since I've done serious cryptographic work, and the "Use AES" advice was pretty burned into my brain.
Meta's Messenger gets a cryptographic shield nobody asked about - but everyone needed: Meta yesterday detailed the cryptography and confidential computing architecture behind Advanced Browsing Protection in Messenger, a tool that scans malicious links inside end-to-end encrypted chats without exposing user URLs to its own servers. https://ppc.land/metas-messenger-gets-a-cryptographic-shield-nobody-asked-about-but-everyone-needed/ #Meta #Messenger #Cryptography #Privacy #CyberSecurity
Additionally, if the police have taken over various publishers, it's possible to disseminate a new publication without the police knowing. Then revealing the (much smaller) decryption key via other means, the police can't retroactively censor the publication. It's already spread far and wide.
And that's why you encrypt stuff before uploading it.
1. Encrypt it and save the encryption key.
2. Take the hash of the encrypted content.
3. Anyone can request the encrypted content by that second hash.
4. Once it's been distributed enough, share the decryption key with someone over much more secure (slow) channels. Or leave a paper with the key on it sitting on a park bench or something.
5. Enjoy watching law enforcement scramble to find out the original source of who published that encrypted content.
6. Someone else re-encrypts the content to a different key.
7. Distribute the illegal thought crimes even further without law enforcement knowing.
- a neat hack for the properly paranoid -
Your computer is likely generating random noise on your sound card. On some systems you can harvest this noise as true random entropy. This entropy can be diffused and whitened for use in cryptography.
https://www.metzdowd.com/pipermail/cryptography/2026-March/039388.html
#Random #Entropy #Cryptography #Crypto #Hardware #Hacks #Sound #Audio #Chaos
@cypherpunk@soc.octade.net @cryptography@soc.octade.net @crypto@infosec.pub @cryptography@fed.dyne.org @cryptography@lemmy.ml
COSIC researcher Mahdi Sedaghat presented Post-Quantum Readiness in EdDSA Chains at FC 2026 in St. Kitts.
#fc2026 #cryptography #fc
https://fc26.ifca.ai/program.html
https://soc.octade.net/cypherpunk/
A fediverse group for discussing topics and tools related to #cypherpunks.
#groups #fedigroups #fediverse #retro #cypherpunk #crypto #cryptography #encryption
«Decentralized P2P Chat & File Transfer - Secure Messaging Without Central Servers:
Creating decentralized P2P technology. Aiming to provide industry-grade cryptographic capabilities encapsulated into a webapp.»
Do any of you regularly use @xoron with several people at the same time or even professionally and what is your impression about it?
🐟 https://positive-intentions.com
#chat #p2p #e2ee #filetransfer #security #decentralization #webtools #webapp #pqc #pqcrypto #cryptography #noserver
Al Gore Invented the Internet.
Joe Biden invented PGP encryption.
Cypherpunks write code.
Joe Biden gifted humanity with PGP encryption (in a roundabout way). Phil Zimmermann created PGP in response to an anti-privacy bill clause proposed by Senator Joe Biden.
https://www.americanscientist.org/article/cypherpunks-write-code
"In 1990, the FBI launched an over-the-top crackdown on computer hackers, known as Operation Sundevil. This was swiftly followed, in early 1991, by a proposed piece of U.S. Senate legislation that would force electronic communications service providers to hand over people’s personal data. (The key clause, S.266, was pushed by the then chairman of the U.S. Senate Judiciary Committee, Senator Joe Biden.)"
"On learning of Biden’s S.266 clause, Zimmermann feverishly set out to complete the project, almost losing his house in the process. When he finished his software in 1991, he published it all online, free for anyone who wanted to use it. He called it “Pretty Good Privacy,” or PGP for short, and within weeks it had been downloaded and shared by thousands of people around the world. “Before PGP, there was no way for two ordinary people to communicate over long distances without the risk of interception,” said Zimmermann in a later interview. “Not by phone, not by FedEx, not by fax.” It remains the most widely used form of email encryption to this day."
Joe Biden's first panopticon bill:
https://www.congress.gov/bill/102nd-congress/senate-bill/266
"SEC. 2201. COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW ENFORCEMENT. It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law."
As they say in Texas: That dinosaur don't hunt.
#Biden #JoeBiden #PGP #Cypherpunks #Cypherpunk #PhilZimmermann #Privacy #Cybersecurity #Cryptography #GPG #Email #Senate #Law #Government #Panopticon #Hackers #Hacking #Security #Encryption
Reading up on the aes-js and pyaes IV issues discovered by @trailofbits I remembered something I ran into many moons ago (maybe about 15 years ago):
I discovered some prod C# encryption code that used a fixed salt in key&iv derivation code. It used a salt of 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76.
This code was obviously copypasted from a 2003 codeprojects.com post and the example code used verbatim, without understanding the implications.
Anyway, this kind of is somewhat similar, but just unmeasurably worse: https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/
Carelessness versus craftsmanship in cryptography
Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. […] The aes-js/pyaes maintainer, on the other hand, has taken a more… cavalier approach.
🔓 https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/
#aesctr #itsecurity #key #javascript #js #iv #pyaes #cryptography #carelessness #aes #cybersecurity #cryptography #itsec #encryption #craftsmanship #reuse #fail
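Added example, not code from either post above or from aes-js/pyaes: what key/IV reuse in AES-CTR gives away, next to a fresh-IV form and an audit check for reuse in stored records. It uses Node's built-in crypto module; `DEFAULT_IV`, the function names and the record shape (`keyId`, `iv`) are assumptions made for illustration.

```javascript
// Added example; DEFAULT_IV, names and sample data are constructed assumptions.
const nodeCrypto = require('node:crypto');

// Stand-in for a library-supplied default IV: every caller that omits the
// IV argument silently gets this same 16-byte initial counter block.
const DEFAULT_IV = Buffer.alloc(16, 0);
DEFAULT_IV[15] = 1;

function ctrEncrypt(key, plaintext, iv = DEFAULT_IV) {
  const c = nodeCrypto.createCipheriv('aes-128-ctr', key, iv);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

function xor(a, b) {
  const out = Buffer.alloc(Math.min(a.length, b.length));
  for (let i = 0; i < out.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Same key + same IV means same keystream, so the keystream cancels:
// c1 XOR c2 === m1 XOR m2, and the key is never needed.
function reuseLeaksXor(key, m1, m2) {
  return xor(ctrEncrypt(key, m1), ctrEncrypt(key, m2)).equals(xor(m1, m2));
}

// Corrected form: a fresh random IV per message, stored in front of the
// ciphertext. CTR is still unauthenticated; an AEAD mode adds integrity.
function encryptFreshIv(key, plaintext) {
  const iv = nodeCrypto.randomBytes(16);
  return Buffer.concat([iv, ctrEncrypt(key, plaintext, iv)]);
}

function decryptFreshIv(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-128-ctr', key, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]);
}

// Audit check: list every (keyId, IV) pair that occurs more than once
// in stored ciphertext metadata.
function findIvReuse(records) {
  const counts = new Map();
  for (const { keyId, iv } of records) {
    const tag = `${keyId}:${iv.toString('hex')}`;
    counts.set(tag, (counts.get(tag) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([tag]) => tag);
}
```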
Local-Only File Encryption with JavaScript.
I've been exploring the #WebCryptoAPI and I'm impressed!
When combined with the #FileSystemAPI, it offers a seemingly secure way to #encrypt and #store files directly on your device. Think #localstorage, but with #encryption!
I know #webapps can have #security vulnerabilities since the code is served over the web, so I've #OpenSourced my demo! You can check it out, and it should even work if #selfhosted on #GitHubPages.
Live Demo: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo
Demo Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js
About the Dim framework:
https://positive-intentions.com/docs/category/dim
IMPORTANT NOTES (PLEASE READ!):
* This is NOT a product. It's for #testing and #demonstration purposes only.
* It has NOT been reviewed or audited. Do NOT use for sensitive data.
* The password encryption currently uses a hardcoded password. This is for demonstration, not security.
* This is NOT meant to replace robust solutions like #VeraCrypt. It's just a #proofofconcept to show what's possible with #browser #APIs.
#Encryption #Cryptography #JavaScript #Frontend #Privacy #Security #WebDevelopment #Coding #Developer #Tech #FOSS #OpenSource #GitHub #MastodonDev #Programming #WebStandards #FileSystem #WebAPI #ProofOfConcept
#DOI https://doi.org/10.5281/zenodo.18448042
A pangram is a sentence or phrase that contains each letter of an alphabet or character set at least once. A perfect pangram is an anagram of the alphabet which contains each letter exactly once.
Pangram hash generates a perfect pangram hash digest consisting of an anagram permutation of a character set. Each character in the output is unique and non-repeating.
#Hashing #Cryptography #Anagrams #Papers #Preprints
@cryptography@soc.octade.net @crypto@infosec.pub @cryptography@fed.dyne.org
Cryptography has ancient origins. It was a pragmatic solution to a simple problem: privacy.
Really have enjoyed The Code Book by Simon Singh #Cryptography #cryptanalysis
Have ordered the David Kahn first edition of The Codebreakers from eBay to read next.
I see some people still using ancient PGP keys. GnuPG offers Linux repositories for updating to the latest versions of GnuPG with new expert features for key generation. Recent versions support both Kyber1024 and Goldilocks448 keys (and more).
Once installed, run: gpg --full-generate-key --expert
New GnuPG Repositories for Debian, Ubuntu, and Devuan: Stable and Development Branches Available
https://www.gnupg.org/blog/20250827-new-repository.html
#PGP #GPG #PQC #GnuPG #Encryption #Cryptography #Privacy #Signatures #Kyber #Goldilocks #ED448 #Keys #PublicKey
I’m exploring a post-crypto/post-ledger direction for Proof-of-Interaction:
no identity, no global consensus, trust grounded in physical causality and local state, not signatures or blockchains.
Looking for a crypto / protocol nerd who enjoys questioning first principles and would be up for a deep technical/philosophical consult.
Not a pitch. Not a startup grind. Just serious thinking.
#postcrypto #postledger #cryptography #distributedSystems #security #protocols #systemsThinking #web3Beyond
Does anyone have good resources on [personal] key management? That is latest blog posts or books on the topic?
This is things like secure management and backup (SSS?), off-line/dedicated devices, managing many keys due to rotation, etc.
e.g. If you encrypt old/past keys, even with a secure key, and that key leaks, you need to know where all the encrypted data is to destroy/rewrite it with a new key, so you can't just keep tons of backups.
Saw this article going around "The State of OpenSSL for pyca/cryptography" (https://cryptography.io/en/latest/statements/state-of-openssl/) and it feels a little damning, there seems to be some concern about the direction that the widely used OpenSSL library is going in terms of speed/features.
We found cryptography bugs in the elliptic library using Wycheproof
#HackerNews #cryptography #bugs #elliptic #library #Wycheproof #cybersecurity #TrailofBits
"Despite advancements in secure messaging, PGP (Pretty Good Privacy) encryption—developed in the 1990s—remains a gold standard for privacy. Unlike modern apps reliant on centralized servers or phone numbers, PGP ensures end-to-end encryption without third-party dependencies. This article explores PGP’s enduring relevance, key management best practices, and how it compares to contemporary solutions like Signal."
More: https://undercodetesting.com/why-pgp-encryption-still-outperforms-modern-messaging-apps/
A series of puzzles. Note: PDF from GCHQ, on the GCHQ website. Your identity is most likely logged and I am curious how clean the PDF is, LOL. PDF tracking cookies a thing? I wonder if they're laughing watching a bunch of people in various other intelligence agencies downloading the thing and logging all their IPs and details. 🤪
https://www.gchq.gov.uk/files/gchq%20christmas%20challenge%202025.pdf